Links

Cobalt

Cobalt is an integrated pentesting platform facilitating communication between development and security teams. Cobalt helps developers identify and mitigate security vulnerabilities in their code by specifying security policies and checking compliance with them. The tool can detect many vulnerabilities, including buffer overflows, integer overflows, and format string vulnerabilities.
Cobalt findings can be imported into a PlexTrac report.
This is a licensed feature.

Field Mappings

Below are the field mappings from Cobalt to PlexTrac, broken up by findings and assets.
Tables include the following columns:
  • Cobalt Field: this is the field name that appears in Cobalt
  • PlexTrac Field: this is the field name that appears in PlexTrac
  • Direction: this displays the direction that the flow of data is occurring for the integration (a value of "x" means that the value is not imported)
  • Required: this denotes if a value is required or not for the import to be successful
  • Notes: additional information

Findings Field Mappings

Cobalt Field
Direction
PlexTrac Field
Required?
Notes
Finding Title
-->
Finding Title
yes
Finding Suggested Fix
-->
Recommendations
yes
Finding Descriptions, Type Category
-->
Finding Description
yes
Finding State
-->
Finding Status
yes
Status
Has multiple values, listed below in italics.
Triaging
-->
Finding="OPEN"
no
Pending Fix
-->
Finding="OPEN"
no
Ready for Retest
-->
Finding="OPEN"
no
Resolved
-->
Finding="OPEN"
no
Vulnerability Remediation
-->
Finding Recommendations
yes
Log [Created]
-->
Created At
yes
Finding Severity
-->
Finding Severity
yes
Severity
Has multiple values, listed below in italics.
Informational
-->
Informational
no
Low
-->
Low
no
Medium
-->
Medium
no
High
-->
High
no
Critical
-->
Critical
no
Pentest Name
-->
Finding Custom Field "Cobalt Pentest Report Name"
yes
Cobalt Proof of Concept
-->
Finding Custom Field "Cobalt Proof of Concept"
no

Asset Field Mappings

Cobalt Field
Direction
PlexTrac Field
Required?
Notes
Finding Affected Targets
-->
Affected Assets
yes
IP or Hostname

Deduplication Logic

If a duplicate finding title is found during import, the finding title in PlexTrac is appended with the finding unique identifier value pulled from Cobalt in parenthesis at the end of the finding title.

Integrating with Cobalt

Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations".
Step 2: Click Connect within the Cobalt box.
If the integration is not licensed and thus unavailable, the message "License required" will appear.
Step 3: If existing connections exist, they are listed on this page. To set up a new integration, click the New connection button.
Step 4: A modal appears with four tabs. Enter a name for the integration and the Cobalt API key. Click Continue.
Step 5: Select the Cobalt organization value from the pulldown menu. Click Continue.
The Cobalt Organization value is found within Cobalt. Visit Cobalt documentation on how to generate an API key.
Step 6: A list of the field mappings from Cobalt to PlexTrac is displayed. Click Save.
None of these fields can be edited and are displayed for visibility.
Step 7: A log of integration attempts is listed. Since an attempt to synchronize is attempted after entering configuration information on the first tab, at least one entry will be listed. Click Close.

Editing Existing Connections

Cobalt integrations can be edited by clicking Edit under the "Actions" column.
Cobalt integrations can be disabled by clicking the toggle bar under the "Enabled" column.
Cobalt integrations can be manually synchronized by clicking Sync under the "Actions" column.
Cobalt integrations can be deleted by clicking the three dots under the "Actions" column and then clicking Delete. A modal will appear, asking for confirmation of the action.
© 2023 PlexTrac, Inc. All rights reserved.